MS13-041: Vulnerability in Lync could allow remote code execution: May 14, 2013

Applies to: Microsoft Lync 2013Lync 2010Lync 2010 Attendee More

INTRODUCTION


Microsoft has released security bulletin MS13-041. To view the complete security bulletin, visit the following Microsoft website: 

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

Known issues with this security update

Each security update that is addressed in this bulletin requires that the latest publicly released cumulative update for the affected software is installed before you apply the update. If you install an update through Microsoft Update, the appropriate cumulative update will be automatically installed together with the security update.

However, if you plan to apply an update manually by downloading it from the Microsoft Download Center, you should be aware that the Lync Server Update Installer on Microsoft Download Center page will automatically install previous Cumulative Updates (CU) for all Lync Servers. See the following table for product-specific links for obtaining the cumulative updates for manual installations.

Affected SoftwareDownload Page for Latest Cumulative Update
Microsoft Office Communicator 2007 R2
(2827753)
Updates Resource Center for Office Communications Server 2007 R2 and Clients
Microsoft Lync 2010 (32-bit)
(2827750)
Updates resource center for Lync 2010
Microsoft Lync 2010 (64-bit)
(2827750)
Updates resource center for Lync 2010
Microsoft Lync 2010 Attendee
(admin level install)
(2827752)
Updates resource center for Lync 2010
Microsoft Lync 2010 Attendee
(user level install)
Updates resource center for Lync 2010
Microsoft Lync Server 2013
(2827754)
Updates resource center for Lync Server 2013

Known issues and additional information about this security update




The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.


  • 2827750  MS13-041: Description of the security update for Lync 2010: May 14, 2013

    Known issues in security update 2827750:
    • When you install an update for Lync 2010, you are not prompted to close the application (Lync 2010). All ongoing conversations and conferences will be stopped in order to install the update successfully. The user must manually start Lync 2010 after the installation procedure is complete.
  • 2827751  MS13-041: Description of the security update for Lync 2010 Attendee (user level install): May 14, 2013 
  • 2827752  MS13-041: Description of the security update for Lync 2010 Attendee (Administrator level installation): May 14, 20103 
  • 2827753  MS13-041: Description of the security update for Office Communicator 2007 R2: May 14, 2013 
  • 2827754  MS13-041: Description of the security update for Lync 2013 Web Access: May 14, 2013